Enabling the AKC Download Server Certificate Validation

If you are using the AKC client, you can choose to use the Enable AKC Download Server Certificate Validation feature or opt not to use this feature.

Note: When operating in IPv4 and IPv6 dual stack mode with 'Enable AKC Download Server Certificate Validation' feature, Microsoft^® ClickOnce^® requires that the server certificate CN should not contain a zero compressed form of IPv6 address. If it does you will not be able to successfully download and launch AKC. However, this may conflict with browser preferences for the form of the IPv6 addresss. Use the server hostname in the common name (CN) or include compressed and uncompressed forms of the IPv6 address in the certificate's Subject Alternative Name.

Option 1: Do Not Enable AKC Download Server Certificate Validation (default setting)

If you do not enable AKC Download Server Certificate Validation, all Dominion device users and CC-SG Bookmark and Access Client users must:

• Ensure the cookies from the IP address of the device that is being accessed are not currently being blocked.
• Windows Vista, Windows 7 and Windows 2008 server users should ensure that the IP address of the device being accessed is included in their browser's Trusted Sites Zone and that Protected Mode is not on when accessing the device.

Option 2: Enable AKC Download Server Certificate Validation

If you do enable AKC Download Server Certificate Validation:

• Administrators must upload a valid certificate to the device or generate a self-signed certificate on the device. The certificate must have a valid host designation.
• Each user must add the CA certificate (or a copy of self-signed certificate) to the Trusted Root CA store in their browser.
• When using CC-SG neighborhoods, you must enable AKC on each neighborhood member.

• To install the self-signed certificate when using Windows Vista^® operating system and Windows 7^® operating system:

1. Include the CommandCenter Secure Gateway IP address in the Trusted Site zone and ensure 'Protected Mode' is off.
2. Launch Internet Explorer^® using the CommandCenter Secure Gateway IP address as the URL. A Certificate Error message will be displayed.
3. Select View Certificates.
4. On the General tab, click Install Certificate. The certificate is then installed in the Trusted Root Certification Authorities store.
5. After the certificate is installed, the CommandCenter Secure Gateway IP address should be removed from the Trusted Site zone.

• To enable AKC download server certificate validation:

1. Choose Device Settings > Device Services. The Device Service Settings page opens.
2. Select the Enable AKC Download Server Certificate Validation checkbox or you can leave the feature disabled (default).
3. Click OK.

If you are connecting to a CommandCenter Secure Gateway standalone device and support for AKC download server certificate validation is enabled, the valid IPv6 format to generate the certificate is either:

• CN =[fd07:02fa:6cff:2500:020d:5dff:fe00:01c0] when there is a leading 0

  or

• CN =[fd07:02fa:6cff:2500:020d:5dff:0000:01c0] when there is no zero compression